<?php
class PreparedStatement
{
    private $con = "";               // Used to store the MySQL connection
    private $values;            // The array in which all ints and strings will be stored
    private $query_string;      // The SQL statement which has to be executed
    private $cur_number;
    private $cur_value;
    private $error = false;
    private $error_message = "";
    private $affected_rows;
    private $id;

    // Set the user-input query in query_string
    function __construct($query) {
        $this->query_string = $query;
    }

    // connects to the database with the login details specified in config/database.php
    private function connect() {
        $this->con = mysql_connect(db_host, db_username, db_password);
        if(!$this->con)
            {
                $this->error = true;
                $this->set_error("MySQL error: " . mysql_error());
                return;
            }
        mysql_select_db(db_database, $this->con);
    }

    // sets the error message
    private function set_error($message) {
        $this->error_message = $message;
        $this->error = true;
    }

    // returns a the error message
    public function get_error() {
            return $this->error_message;
    }
    
    // sets the id of the new row with an insert query
    private function set_id($id) {
        $this->id = $id;
    }
    
    // returns the id of the new row with an insert query
    public function get_id() {
        return $this->id;
    }
    
    // checks if there was an error, if not, return true
    public function is_succesfull() {
        return $this->error ? 0 : 1;
    }

    // close the mysql connection
    private function disconnect() {
        mysql_close($this->con);
    }

    // checks the value and adds quotes
    private function check_value() {
        $this->cur_value = $this->clean_user_input($this->cur_value);
        if(strpos($this->query_string, "?") < stristr($this->query_string, "VALUES"))
            return "`" . $this->cur_value . "`";
        else
            return "'" . $this->cur_value . "'";
    }

    // defends the query against SQL injection
    private function clean_user_input($input){
        if (get_magic_quotes_gpc())
            $clean = mysql_real_escape_string(stripslashes($input));
        else
            $clean = mysql_real_escape_string($input);
        return $clean;
    }

    // the actual executing of the query which returns the returned recordset
    private function real_execute() {
            $q = mysql_query($this->query_string, $this->con);
            if(!$q)
            {
                $this->error = true;
                $this->set_error("MySQL error: " . mysql_error());
                return;
            }
            $this->affected_rows = mysql_affected_rows($this->con);
            $this->set_id(mysql_insert_id($this->con));
            $this->disconnect();;
            return $q;
    }

    // function that makes the query to be executed and checks everything
    public function execute() {
        $this->connect();
        if(count($this->values) == substr_count($this->query_string, "?") && count($this->values) > 0) {
            foreach($this->values as $this->cur_number => $this->cur_value) {
                $this->query_string = substr_replace($this->query_string, $this->check_value(), strpos($this->query_string,"?"), 1);
            }
            return $this->real_execute();
        }
        elseif(count($this->values) == 0 && substr_count($this->query_string, "?") == 0) {
            return $this->real_execute();
        }
        else {
            echo "PreparedStatement could not be executed, " . count($this->values) . " values set, " . substr_count($this->query_string, "?") . " needed.";
        }
    }

    // returns the number of affected rows by the query
    public function getAffectedRows() {
        return $this->affected_rows;
    }

    // adds an int to the values array
    public function setInt($value) {
        $this->values[] += $value;
    }

    // adds a string to the values array
    public function setString($value) {
        $this->values[] .= $value;
    }
}
?>